[PATCH 05/25] wmifs: Prevent crash when too many devices.

Wed, 22 Oct 2014 14:36:06 -0700 

Patch by Chris Hanson <[email protected]>.  First appeared in Debian
package 1.3b1-6.

>From https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=39922:
wmifs crashes with a cryptic X error message when there are more than
4 net devices.  This occurs for me because I install vmware, which
installs 4 network devices for its bridging hack.

The bug is a loop that fills a fixed-length array, but doesn't stop
when the array is full.  The fix is to add a conditional break to the
loop.  A patch appears below.

I made two additional changes: (1) increased the size of the array,
and (2) changed a name comparison to compare all of the characters of
the name, rather than just the visible characters, since there may be
multiple net devices with the same first 4 characters (vmware does
this, too).
---
 wmifs/wmifs/wmifs.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/wmifs/wmifs/wmifs.c b/wmifs/wmifs/wmifs.c
index 52ea3e5..aaaf846 100644
--- a/wmifs/wmifs/wmifs.c
+++ b/wmifs/wmifs/wmifs.c
@@ -306,7 +306,7 @@ int main(int argc, char *argv[]) {
 |* wmifs_routine                                                               
                                                           *|
 
\*******************************************************************************/
 
-#define MAX_STAT_DEVICES 4
+#define MAX_STAT_DEVICES 16
 
 typedef struct {
 
@@ -485,7 +485,7 @@ void wmifs_routine(int argc, char **argv) {
                                                stat_online = checknetdevs();
                                                stat_current = 0;
                                                for (i=0; i<stat_online; i++) {
-                                                       if (!strncmp(temp, 
stat_devices[i].name, 4)) {
+                                                       if (!strcmp(temp, 
stat_devices[i].name)) {
                                                                stat_current = 
i;
                                                        }
                                                }
@@ -718,6 +718,8 @@ int checknetdevs(void) {
                                strcpy(foundbuffer[devsfound], p);
                                devsfound++;
                        }
+                       if (devsfound >= MAX_STAT_DEVICES)
+                               break;
                }
                fclose(fd);
        }
@@ -739,7 +741,7 @@ int checknetdevs(void) {
                }
        }
 
-       for (i=0, j=0; j<MAX_STAT_DEVICES; i++) {
+       for (i=0, j=0; j<MAX_STAT_DEVICES; i++, j++) {
 
                while (!stat_devices[j].name[0] && j < MAX_STAT_DEVICES)
                        j++;
@@ -747,8 +749,6 @@ int checknetdevs(void) {
                if (j < MAX_STAT_DEVICES && i != j) {
                        stat_devices[i] = stat_devices[j];
                }
-               
-               j++;
        }
        i--;
 
-- 
1.9.1


-- 
To unsubscribe, send mail to [email protected].

Reply via email to